Terms of Service

Last updated: January 2025

1. Agreement Structure

These Terms of Service ("Terms") govern access to and use of the SOX&AUDIT platform and services ("Services") provided by SOX&AUDIT ("Company," "we," "us"). These Terms apply to Customer organizations ("Customer," "you") and their authorized users.

Your use of the Services is governed by:

  • Master Service Agreement (MSA): The primary contract between Customer and SOX&AUDIT
  • Order Form: Specific subscription terms, pricing, and scope
  • Data Processing Agreement (DPA): Data protection terms (where applicable)
  • These Terms: General terms of service
  • Acceptable Use Policy: Platform usage guidelines

In case of conflict, documents take precedence in the order listed above.

2. Services Description

SOX&AUDIT provides an AI-powered audit automation platform designed for enterprise internal audit and compliance teams. The Services include:

  • AI-assisted document analysis and evidence classification
  • Automated control testing and test procedure generation
  • Workpaper generation and audit documentation
  • Team collaboration and workflow management
  • Analytics, reporting, and audit trail functionality
  • API access for integrations (per your subscription tier)

3. Subscription & Access

Subscription Terms

Access to the Services requires an active subscription as specified in your Order Form. Subscription terms, including scope, pricing, and duration, are defined in the Order Form and MSA.

Authorized Users

Customer may provision access to authorized users within the limits specified in the Order Form. Customer is responsible for:

  • Ensuring users comply with these Terms and Customer's internal policies
  • Managing user access and permissions appropriately
  • Promptly revoking access for users who leave the organization
  • All activities occurring under Customer's account

Authentication

Customer must implement appropriate authentication controls. We support SSO/SAML integration for enterprise identity management. Customer is responsible for credential security and must notify us immediately of any suspected unauthorized access.

4. Data Rights & Ownership

Customer Data

Customer retains all rights, title, and interest in Customer Data. "Customer Data" means all data uploaded, created, or processed by Customer through the Services, including audit evidence, control documentation, workpapers, and related content.

Customer grants us a limited license to process Customer Data solely to provide, maintain, and improve the Services as directed by Customer. This license terminates upon subscription termination and data deletion.

Customer Responsibilities

Customer represents and warrants that:

  • Customer has all necessary rights to upload and process Customer Data
  • Use of Customer Data with the Services does not violate applicable laws or third-party rights
  • Customer will comply with applicable data protection regulations regarding personal data within Customer Data

Data Portability

Customer may export Customer Data at any time through the platform's export functionality or API. Upon subscription termination, Customer has 90 days to export data before deletion.

5. AI Services & Responsible AI

AI Functionality

The Services incorporate artificial intelligence to analyze documents, generate content, and assist with audit workflows. Customer acknowledges that:

  • AI outputs are assistive tools, not substitutes for professional audit judgment
  • AI-generated content requires review and validation by qualified professionals
  • AI performance may vary based on input quality and document characteristics
  • AI does not provide legal, financial, or professional audit opinions

Our AI Commitments

  • No training on Customer Data: We do not use Customer Data to train, fine-tune, or improve general-purpose AI models
  • Human-in-the-loop: Critical outputs require human review and approval
  • Transparency: AI-generated content is identified within the platform
  • Confidentiality: AI sub-processors are bound by confidentiality obligations
  • Continuous improvement: We monitor AI performance and address issues promptly

AI Sub-processors

We use third-party AI providers to deliver certain Services features. These providers process data under strict contractual terms requiring confidentiality, security controls, and a prohibition on using Customer Data for model training. Material changes to AI sub-processors will be communicated per your DPA terms.

6. Data Retention & Deletion

Retention During Subscription

Customer Data is retained for the duration of the subscription. Customer controls data retention within the platform and may delete data at any time, subject to audit trail requirements.

Post-Termination

Upon subscription termination:

  • Customer has 90 days to export Customer Data
  • After the export period, Customer Data is deleted within 30 days
  • Audit logs may be retained as required for compliance (typically 7 years)
  • Aggregated, anonymized data may be retained for analytics

Deletion Requests

Customer may request data deletion at any time. We will complete deletion within 90 days, except where retention is required for legal compliance. Certificates of destruction are available upon request.

7. Acceptable Use

Customer agrees to use the Services only for lawful business purposes. Customer shall not:

  • Use the Services for any illegal purpose or in violation of applicable laws
  • Attempt to gain unauthorized access to the Services or related systems
  • Interfere with or disrupt the Services or infrastructure
  • Upload malicious code, malware, or harmful content
  • Reverse engineer, decompile, or attempt to extract source code
  • Resell, sublicense, or distribute access to the Services
  • Use the Services to build a competing product or service
  • Circumvent usage limits or security controls
  • Use automated tools to scrape or extract data from the Services

8. Intellectual Property

Company IP

SOX&AUDIT retains all rights, title, and interest in the Services, including all software, algorithms, interfaces, documentation, and intellectual property. The Services are licensed, not sold.

License Grant

Subject to these Terms and payment of applicable fees, we grant Customer a limited, non-exclusive, non-transferable license to access and use the Services during the subscription term for Customer's internal business purposes.

Feedback

If Customer provides suggestions, ideas, or feedback about the Services, we may use such feedback without obligation or compensation to Customer.

9. Confidentiality

Each party agrees to maintain the confidentiality of the other party's Confidential Information. "Confidential Information" includes:

  • Customer Data and business information
  • Pricing, terms, and commercial arrangements
  • Technical specifications and security information
  • Any information marked as confidential

Confidentiality obligations survive termination for three (3) years, except for trade secrets, which are protected indefinitely.

10. Security & Compliance

We maintain comprehensive security measures including:

  • SOC 2 Type II certification
  • Encryption at rest (AES-256) and in transit (TLS 1.3)
  • Role-based access controls and audit logging
  • Regular penetration testing and vulnerability assessments
  • Incident response and business continuity procedures

Security documentation and compliance attestations are available to Customers under NDA.

11. Service Levels

Service level commitments, including uptime guarantees and support response times, are specified in your MSA or SLA addendum. Standard service levels include 99.9% uptime for the production environment, with service credits for qualifying downtime as defined in the SLA.

12. Professional Use Disclaimer

The Services are designed to assist qualified audit and compliance professionals. Customer acknowledges that:

  • The Services do not replace professional judgment or expertise
  • All AI-generated outputs require review by qualified professionals
  • The Services do not constitute audit opinions or professional advice
  • Customer retains responsibility for audit conclusions and compliance determinations
  • Regulatory compliance remains Customer's responsibility

13. Warranties & Disclaimers

Our Warranties: We warrant that the Services will perform materially in accordance with the documentation during the subscription term.

Disclaimer: EXCEPT AS EXPRESSLY PROVIDED, THE SERVICES ARE PROVIDED "AS IS." WE DISCLAIM ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.

We do not warrant that the Services will be uninterrupted or error-free, or that AI outputs will be accurate or suitable for any particular purpose.

14. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, NEITHER PARTY SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOSS OF PROFITS, REVENUE, DATA, OR BUSINESS OPPORTUNITY.

Our total aggregate liability under these Terms shall not exceed the amounts paid by Customer during the twelve (12) months preceding the claim. This limitation does not apply to breaches of confidentiality, indemnification obligations, or willful misconduct.

15. Indemnification

By Customer: Customer will indemnify and defend us against claims arising from: (a) Customer Data or its use with the Services; (b) Customer's violation of these Terms; (c) Customer's violation of applicable laws.

By Company: We will indemnify and defend Customer against claims that the Services infringe third-party intellectual property rights, subject to limitations in the MSA.

16. Term & Termination

Subscription terms are specified in your Order Form. Either party may terminate for material breach if the breach remains uncured for thirty (30) days after written notice.

Upon termination:

  • Customer's access to the Services ceases
  • Customer has 90 days to export Customer Data
  • Accrued obligations and specified provisions survive termination

17. Modifications

We may update these Terms to reflect changes in our Services or legal requirements. Material changes will be communicated at least 30 days before taking effect. Continued use of the Services after changes become effective constitutes acceptance. If Customer objects to changes, Customer may terminate as provided in the MSA.

18. General Provisions

  • Governing Law: These Terms are governed by the laws of the State of Delaware, without regard to conflict of law principles
  • Dispute Resolution: Disputes shall be resolved through binding arbitration or in the courts of Delaware, as specified in your MSA
  • Entire Agreement: These Terms, together with the MSA and Order Form, constitute the entire agreement
  • Severability: If any provision is found unenforceable, the remaining provisions continue in effect
  • Waiver: Failure to enforce any right does not waive that right
  • Assignment: Customer may not assign these Terms without prior written consent
  • Force Majeure: Neither party is liable for delays caused by circumstances beyond reasonable control
  • Export Compliance: Customer will comply with applicable export control laws

19. Contact

For questions about these Terms:

SOX&AUDIT Legal

Email: legal@soxaudit.ai

For support inquiries, contact support@soxaudit.ai